Whether driven by compliance policy, fraud policy, or some combination of both – financial institutions that still rely on notification letters and signature forms to validate address-change requests could face potentially serious and costly implications.
The practice of sending address-change notification letters may comply with Section 114b of the FACT Act Red Flags Rule but does almost nothing to proactively prevent fraud. There are several reasons why letters are ineffective for preventing fraud and solving associated problems:
- Too slow – First the notification letter must be produced by the institution. Then it requires one to three days to arrive via First Class mail. As today’s fraudsters are sophisticated and fast enough to liquidate an account in a matter of hours, a control that requires days is simply not effective.
- Potential to be missed – Most institutions send promotional letters to their customers. Letters validating address changes can be mistaken for direct mail and tossed rather than opened.
- Costly – Mailing a First-Class letter to the new and previous address can cost more than $1.00. Additional costs include the production of the letters, the cost of handling mail returned as undeliverable, lost interchange revenue due to card “holds” placed as a result of the address change, and of course, the losses and damages associated with fraud.
Some financial institutions are still requiring customers to visit the branch to sign a form and present identification to request an address change. The problems with this approach include:
- Inconvenient – In an era when almost all banking can be done digitally, customers may find it seriously inconvenient and annoying to have to appear in person for a simple address change.
- Not foolproof – While an in-person request can be a deterrent to criminals looking to hijack the address-change process, it certainly isn’t a comprehensive fraud detection strategy. There are many known fraud schemes that involve runners entering the branch posing as someone else to conduct business, and the address-change process is no different.
An Automated Approach
The bottom line is that, while institutions are “compliant” with regulations by using these outdated paper forms and documents for address changes, they incur large and unnecessary costs (real and opportunity costs), while missing the intended objective and spirit of the regulation: fraud prevention.
Increasingly, institutions are adopting automated approaches to handling address changes in order to better prevent account takeover, reduce the cost of address change compliance, and streamline address-change operations. The end result is a process that is smarter, faster, and safer.
The automated solution runs behind the scenes and uses massive databases and context-aware analytics to assess the riskiness of the address-change request. To significantly reduce operations costs and investigative expense, this method uses data-driven intelligence to answer the fundamental question: “Based on all of the information available, does this address change make sense?”
If the address change is below a certain risk threshold, then the institution can accept the change without any manual intervention—and satisfy compliance requirements. In cases where the solution identifies the address change as suspicious, the institution has the information needed to investigate.
Automated solutions for evaluating address changes have been evolving for nearly two decades. And the hundreds of institutions using this approach have proven that, compared to manual methods, these solutions are:
- Better and faster at stopping fraud
- Cheaper and more efficient than paper processes
- Less apt to create customer friction or inconvenience
- Compliant with FACTA Red Flags Rule, Section 114b
With customers expecting their banks to serve them digitally, financial institutions still relying on paper would be wise to assess the business case for an automated solution. I think they’ll find that their ROI can be significant.